Method and system for abstracted and randomized one-time use passwords for transactional authentication
First Claim
1. A user authentication method comprising execution, by a processing system, of the steps of:
receiving a request from a user to initiate an authentication session, the request comprising a unique identifier of the user;
accessing, using the unique identifier, a record stored in memory associated with the user, the stored record comprising at least a user-defined keyword consisting of an ordered sequence of symbols comprising members of a predetermined symbol set selected from one or more symbol sets supported by the processing system, wherein the symbols of the ordered sequence have been previously selected by the user independently of other users' selections;
generating a one-time security matrix which is valid only for the user during the authentication session, and which comprises a mapping between each symbol within the predetermined symbol set and a code value which is specific to the authentication session and randomly selected from a code set which is distinct from the predetermined symbol set, a number of elements in the predetermined symbol set being greater than a number of elements in the code set, and wherein at least one of the number of elements in the predetermined symbol set and the number of elements in the code set has been selected to provide a predetermined level of security against capture of the user-defined keyword by an unauthorised observer;
transmitting the one-time security matrix for presentation to the user;
receiving an ordered sequence of code values selected from the one-time security matrix and input by the user, the ordered sequence of code values corresponding with the ordered sequence of symbols of the user-defined keyword and the mapping thereof to the code values in the one-time security matrix;
validating the received ordered sequence of code values by comparison with an expected sequence of code values generated by the processing system and corresponding with the ordered sequence of symbols of the user-defined keyword and the mapping thereof to the code values in the one-time security matrix; and
generating an authentication result of the authentication session based upon the comparison.
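The following is a worked implementation of the claimed steps, added here as an example; it is not code from the patent or its assignee. The 26 lowercase letters as the symbol set, the ten decimal digits as the smaller code set, a six-symbol keyword, the `Authenticator` class and the shoulder-surfer model are all assumptions chosen to illustrate the claim. It goes one step beyond the claim text by quantifying what "a predetermined level of security against capture" means: an observer who sees both the displayed matrix and the typed codes learns, for each keyword position, only the set of symbols that happened to map to that code, and must intersect several sessions to recover the keyword.

```python
import hmac
import secrets

# Assumed parameters (the patent fixes neither set): 26 lowercase letters as the
# predetermined symbol set, the ten decimal digits as the distinct, smaller code set.
SYMBOLS = "abcdefghijklmnopqrstuvwxyz"
CODES = "0123456789"


def generate_matrix(symbols=SYMBOLS, codes=CODES, rng=secrets):
    """One-time security matrix: an independently random code for every symbol.

    The symbol set is larger than the code set, so several symbols share each
    code and a code value on its own never identifies a symbol.  `rng` needs
    only a .choice() method (secrets in production, a seeded random.Random
    for reproducible tests).
    """
    if len(symbols) <= len(codes):
        raise ValueError("symbol set must be larger than the code set")
    return {s: rng.choice(codes) for s in symbols}


def expected_codes(keyword, matrix):
    """Code sequence corresponding to `keyword` under `matrix`."""
    return "".join(matrix[s] for s in keyword)


class Authenticator:
    """Server side of the claimed method (hypothetical class): one matrix per session."""

    def __init__(self, records, rng=secrets):
        self.records = records  # unique user identifier -> user-defined keyword
        self.rng = rng
        self.sessions = {}      # user identifier -> matrix of the open session

    def initiate(self, user_id):
        """Receive the request, access the record, generate and transmit the matrix."""
        if user_id not in self.records:
            raise KeyError("unknown user")
        matrix = generate_matrix(rng=self.rng)
        self.sessions[user_id] = matrix
        return matrix

    def authenticate(self, user_id, received):
        """Validate the typed codes against the expected sequence for this session.

        The matrix is discarded whether or not validation succeeds, so a
        captured code sequence cannot be replayed in a later session.
        """
        matrix = self.sessions.pop(user_id, None)
        if matrix is None or any(c not in CODES for c in received):
            return False
        expected = expected_codes(self.records[user_id], matrix)
        return hmac.compare_digest(expected, received)


def user_response(keyword, matrix):
    """What the legitimate user types: each keyword symbol looked up in the matrix."""
    return expected_codes(keyword, matrix)


def observer_candidates(observations, length, symbols=SYMBOLS):
    """Shoulder-surfer model: the matrix is displayed and the typed codes are seen.

    Each typed code restricts that keyword position to the symbols the matrix
    mapped onto it; intersecting over sessions narrows the keyword.  Returns
    the surviving symbol set for each position.
    """
    cands = [set(symbols) for _ in range(length)]
    for matrix, typed in observations:
        for i, code in enumerate(typed[:length]):
            cands[i] &= {s for s, c in matrix.items() if c == code}
    return cands


def expected_keyword_space(n_sessions, length, n_symbols=len(SYMBOLS), n_codes=len(CODES)):
    """Expected number of keywords still consistent with n observed sessions.

    The true symbol always survives; each other symbol survives one session
    with probability 1/n_codes.  This is what the two set sizes in the claim
    control: 26 symbols over 10 codes leaves ~1838 six-letter keywords after
    one observed session but only ~1.2 after three.
    """
    per_position = 1 + (n_symbols - 1) * n_codes ** (-n_sessions)
    return per_position ** length


if __name__ == "__main__":
    auth = Authenticator({"alice": "secret"})   # constructed sample record
    m = auth.initiate("alice")
    typed = user_response("secret", m)
    print("typed", typed, "->", auth.authenticate("alice", typed))
    print("replay of the same codes ->", auth.authenticate("alice", typed))
    for n in range(4):
        print(n, "sessions observed: ~%.1f keywords remain" % expected_keyword_space(n, 6))
```

The observer arithmetic is the practical caveat: the scheme resists a single capture, not sustained observation, so the ratio of symbol-set size to code-set size (and the keyword length) has to be chosen against the number of sessions an attacker can realistically watch.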
Abstract
A security system and method for authenticating a user's access to a target system is disclosed. The security system receives an authentication request from the user and generates a security matrix which comprises a mapping between each symbol within a symbol set and a code value randomly selected from a distinct code set. The number of elements in the symbol set and in the code set are selected to provide a predetermined level of security against capture of a user-defined keyword by an unauthorized observer. The security system sends the security matrix to the user and awaits a one-time code in response. The user forms the one-time code based on the user keyword and the security matrix. The security system validates the one-time code against the security matrix and the keyword to determine an authentication result, permitting or denying the user access to the target system.
26 Claims
1. Independent method claim; its full text is reproduced above under First Claim. Claims 2 to 14 depend from claim 1.
15. A user authentication apparatus comprising:
a computer-readable data store containing one or more records, each of which is associated with a user by a unique identifier and comprises at least a user-defined keyword consisting of an ordered sequence of symbols comprising members of a predetermined symbol set selected from one or more symbol sets supported by the user authentication apparatus, wherein the symbols of the ordered sequence have been previously selected by the user independently of other users' selections; and
a computer-implemented processor comprising a digital electronic processing unit and associated stored program instructions which, when executed by the processing unit, cause the processing unit to:
receive a request from a user to initiate an authentication session, the request comprising the unique identifier associated with the user;
access in the data store, using the unique identifier, the stored record associated with the user;
generate a one-time security matrix which is valid only for the user during the authentication session, and which comprises a mapping between each symbol within the predetermined symbol set and a code value which is specific to the authentication session and randomly selected from a code set which is distinct from the predetermined symbol set, a number of elements in the predetermined symbol set being greater than a number of elements in the code set, and wherein at least one of the number of elements in the predetermined symbol set and the number of elements in the code set has been selected to provide a predetermined level of security against capture of the user-defined keyword by an unauthorised observer;
transmit the one-time security matrix for presentation to the user;
receive an ordered sequence of code values selected from the one-time security matrix and input by the user, the ordered sequence of code values corresponding with the ordered sequence of symbols of the user-defined keyword and the mapping thereof to the code values in the one-time security matrix;
validate the received ordered sequence of code values by comparison with an expected sequence of code values generated by the processing system and corresponding with the ordered sequence of symbols of the user-defined keyword and the mapping thereof to the code values in the one-time security matrix; and
generate an authentication result of the authentication session based upon the comparison.
Claims 16 to 26 depend from claim 15.
Specification